summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPetko Manolov <petkan@mip-labs.com>2016-01-03 16:36:38 +0100
committerMimi Zohar <zohar@linux.vnet.ibm.com>2016-01-03 19:22:38 +0100
commit6427e6c71c8b374761b661c4f355762794c171a1 (patch)
tree3648577f5c9ca834f9e634e93ea94cecae6e3245
parentIMA: policy can be updated zero times (diff)
downloadlinux-6427e6c71c8b374761b661c4f355762794c171a1.tar.xz
linux-6427e6c71c8b374761b661c4f355762794c171a1.zip
ima: ima_write_policy() limit locking
There is no need to hold the ima_write_mutex for so long. We only need it around ima_parse_add_rule(). Changelog: - The return path now takes into account failed kmalloc() call. Reported-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Petko Manolov <petkan@mip-labs.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r--security/integrity/ima/ima_fs.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 3caed6de610c..f355231997b4 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -261,13 +261,8 @@ static const struct file_operations ima_ascii_measurements_ops = {
static ssize_t ima_write_policy(struct file *file, const char __user *buf,
size_t datalen, loff_t *ppos)
{
- char *data = NULL;
+ char *data;
ssize_t result;
- int res;
-
- res = mutex_lock_interruptible(&ima_write_mutex);
- if (res)
- return res;
if (datalen >= PAGE_SIZE)
datalen = PAGE_SIZE - 1;
@@ -286,14 +281,19 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,
result = -EFAULT;
if (copy_from_user(data, buf, datalen))
- goto out;
+ goto out_free;
+ result = mutex_lock_interruptible(&ima_write_mutex);
+ if (result < 0)
+ goto out_free;
result = ima_parse_add_rule(data);
+ mutex_unlock(&ima_write_mutex);
+
+out_free:
+ kfree(data);
out:
if (result < 0)
valid_policy = 0;
- kfree(data);
- mutex_unlock(&ima_write_mutex);
return result;
}